DEBIAN-CVE-2026-33176
- Source
- https://security-tracker.debian.org/tracker/CVE-2026-33176
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-33176.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2026-33176
- Upstream
- Published
- 2026-03-24T00:16:28.807Z
- Modified
- 2026-04-28T20:32:45.908863Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept strings containing scientific notation (e.g.
1e10000), whichBigDecimalexpands into extremely large decimal representations. This can cause excessive memory allocation and CPU consumption when the expanded number is formatted, possibly resulting in a DoS vulnerability. Versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 contain a patch. - References
Affected packages
Debian:11 / rails
Package
- Name
- rails
- Purl
- pkg:deb/debian/rails?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:6.*
2:6.0.3.7+dfsg-2
2:6.0.3.7+dfsg-2+deb11u1
2:6.0.3.7+dfsg-2+deb11u2
2:6.0.3.7+dfsg-2+deb11u3
2:6.0.3.7+dfsg-2+deb11u4
2:6.0.3.7+dfsg-3
2:6.1.4+dfsg-1
2:6.1.4+dfsg-2
2:6.1.4+dfsg-3
2:6.1.4+dfsg-4
2:6.1.4.1+dfsg-1
2:6.1.4.1+dfsg-2
2:6.1.4.1+dfsg-3
2:6.1.4.1+dfsg-4
2:6.1.4.1+dfsg-5
2:6.1.4.1+dfsg-6
2:6.1.4.1+dfsg-7
2:6.1.4.1+dfsg-8
2:6.1.4.6+dfsg-1
2:6.1.4.6+dfsg-2
2:6.1.4.6+dfsg-3
2:6.1.4.7+dfsg-1
2:6.1.4.7+dfsg-2
2:6.1.6.1+dfsg-1
2:6.1.6.1+dfsg-2
2:6.1.6.1+dfsg-3
2:6.1.6.1+dfsg-4
2:6.1.7+dfsg-1
2:6.1.7+dfsg-2
2:6.1.7+dfsg-3~bpo11+1
2:6.1.7+dfsg-3~bpo11+2
2:6.1.7+dfsg-3
2:6.1.7.3+dfsg-1~bpo11+1
2:6.1.7.3+dfsg-1
2:6.1.7.3+dfsg-2~deb12u1
2:6.1.7.3+dfsg-2
2:6.1.7.3+dfsg-3
2:6.1.7.3+dfsg-4
2:6.1.7.3+dfsg-5
2:6.1.7.3+dfsg-6
2:6.1.7.3+dfsg-7~exp1
2:6.1.7.3+dfsg-7
2:6.1.7.3+dfsg-8
2:6.1.7.3+dfsg-9
2:6.1.7.3+dfsg-10
2:6.1.7.3+dfsg-11
2:6.1.7.3+dfsg-12
2:6.1.7.3+dfsg-13
2:6.1.7.10+dfsg-1~deb12u1
2:6.1.7.10+dfsg-1~deb12u2
2:7.*
2:7.2.2.1+dfsg-1~exp1
2:7.2.2.1+dfsg-1~exp2
2:7.2.2.1+dfsg-1~exp3
2:7.2.2.1+dfsg-1~exp4
2:7.2.2.1+dfsg-1~exp6
2:7.2.2.1+dfsg-1
2:7.2.2.1+dfsg-2
2:7.2.2.1+dfsg-3
2:7.2.2.1+dfsg-4
2:7.2.2.1+dfsg-5
2:7.2.2.1+dfsg-6
2:7.2.2.1+dfsg-7
2:7.2.2.2+dfsg-1
2:7.2.2.2+dfsg-2~deb13u1
2:7.2.2.2+dfsg-2
2:7.2.3+dfsg-1
2:7.2.3+dfsg-2
2:7.2.3+dfsg-3
2:7.2.3.1+dfsg-1
Debian:12 / rails
Package
- Name
- rails
- Purl
- pkg:deb/debian/rails?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:6.*
2:6.1.7.3+dfsg-1
2:6.1.7.3+dfsg-2~deb12u1
2:6.1.7.3+dfsg-2
2:6.1.7.3+dfsg-3
2:6.1.7.3+dfsg-4
2:6.1.7.3+dfsg-5
2:6.1.7.3+dfsg-6
2:6.1.7.3+dfsg-7~exp1
2:6.1.7.3+dfsg-7
2:6.1.7.3+dfsg-8
2:6.1.7.3+dfsg-9
2:6.1.7.3+dfsg-10
2:6.1.7.3+dfsg-11
2:6.1.7.3+dfsg-12
2:6.1.7.3+dfsg-13
2:6.1.7.10+dfsg-1~deb12u1
2:6.1.7.10+dfsg-1~deb12u2
2:7.*
2:7.2.2.1+dfsg-1~exp1
2:7.2.2.1+dfsg-1~exp2
2:7.2.2.1+dfsg-1~exp3
2:7.2.2.1+dfsg-1~exp4
2:7.2.2.1+dfsg-1~exp6
2:7.2.2.1+dfsg-1
2:7.2.2.1+dfsg-2
2:7.2.2.1+dfsg-3
2:7.2.2.1+dfsg-4
2:7.2.2.1+dfsg-5
2:7.2.2.1+dfsg-6
2:7.2.2.1+dfsg-7
2:7.2.2.2+dfsg-1
2:7.2.2.2+dfsg-2~deb13u1
2:7.2.2.2+dfsg-2
2:7.2.3+dfsg-1
2:7.2.3+dfsg-2
2:7.2.3+dfsg-3
2:7.2.3.1+dfsg-1
Debian:13 / rails
Package
- Name
- rails
- Purl
- pkg:deb/debian/rails?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:14 / rails
Package
- Name
- rails
- Purl
- pkg:deb/debian/rails?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2:7.2.3.1+dfsg-1